Jeremy Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

Ethiopian dissidents living overseas had their devices infected with spyware made by an Israeli defense company, Canadian researchers allege. Their findings have revived longstanding concerns over some governments' potential abuse of powerful surveillance tools.

In the latest blow to Kaspersky Lab, the U.K. government is warning that the Russian anti-virus vendor's software should not be used on computers that handle classified information. British bank Barclays has also ceased giving away Kaspersky's AV software to its customers.

An employee of the NSA's Tailored Access Operations group has pleaded guilty to mishandling classified information. The material ended up in the hands of Russia after he copied it to his home computer, which had Kaspersky Lab's anti-virus software installed.

Roman Seleznev, the son of a Russian lawmaker who earlier this year received one of the longest sentences ever handed down in the U.S. for computer-related crimes, has been slammed with two more 14-year sentences. He was a key figured in the infamous Carder.su fraud marketplace.

Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.

The U.S. government has charged three employees of Chinese cybersecurity firm Boysec with stealing valuable intellectual property from Siemens, Moody's Analytics and Trimble. Security researchers say Boysec has been operating since 2007 and is also known as APT 3 and Gothic Panda.

The steady stream of new reports about years-old breaches continues as Imgur, the popular photo-sharing service, belatedly warns that it suffered a breach in 2014 that compromised 1.7 million users' accounts.

Uber paid hackers $100,000 to keep quiet about a 2016 breach that exposed 57 million accounts belonging to customers and drivers, Bloomberg reports. But was the payment a bug bounty, as Uber has suggested, or really an extortion payoff and hush money?

U.S. prosecutors have unsealed an indictment against an Iranian man charged with trying to extort entertainment company HBO for $6 million in bitcoins. The case marks a rare public naming of someone accused of cyber extortion, which poses an increasing risk for all organizations.

Security experts are awaiting more details from Intel about two classes of vulnerabilities in its chips that could put organizations' most trusted data at risk. Millions of computers are affected, and computer manufacturers must prepare and distribute customized patches.

A veteran security researcher has become entangled in a conflict with Chinese drone manufacturer DJI over his security vulnerability report, which initially qualified for the manufacturer's bug bounty program. The researcher says communications broke down after he refused to sign a legal agreement.

Kaspersky Lab says it "inadvertently" scooped up classified U.S. documents and code from an NSA analyst's home computer, but suggests it wasn't the conduit by which the material ended up in Russian hands. It claims that the computer was riddled with malware.

A security service from McAfee designed to scan and block malicious links sent via email appears to have given a free pass to "Emotet" banking malware, a researcher warned. But McAfee contends that its ClickProtect service worked as intended.